Skip to Content
Back to changelog

Assistants self-serve signup, credit gating, and risk policy expansions

This release lets unauthenticated users land on Gram with ?disposition=assistants and have an org auto-provisioned with the free-tier Polar subscription pre-attached. It also adds a credit-balance gate on /chat/completions, environment cloning, user session management APIs, and two new risk policy sources for destructive CLI commands and prompt injection.

Features

  • Auto-provision org on assistants signup #2656  - Auto-provisions an org and attaches the free-tier Polar subscription when an unauthenticated user lands on Gram with ?disposition=assistants and has no org after IDP signin. Materializes the default project and environment, marks the org as whitelisted to bypass the BookDemo gate, and redirects to /<org>/projects/default/assistants. (Author: @danielkov )
  • User session management API #2645  - Adds management APIs for user sessions: userSessionIssuers, userSessionClients, userSessions, and userSessionConsents for configuring auth servers, inspecting OAuth clients, listing minted sessions, and managing consent records. (Author: @qstearns )
  • Destructive CLI command policy #2607  - Adds a cli_destructive risk-policy source for flagging destructive CLI commands. Covers shell (rm -rf, dd, mkfs, chmod -R, sudo), git (push --force, reset --hard, branch -D), database (DROP, TRUNCATE, unguarded DELETE FROM), and cloud (aws ec2 terminate-instances, gcloud projects delete, kubectl delete) destructive patterns. Surfaces in PolicyCenter as a “Destructive CLI Commands” rule category. (Author: @bradcypert )
  • Heuristic prompt injection detection #2606  - Adds a “Prompt Injection” risk policy category to flag or block instruction overrides, role hijacks, system-prompt leaks, encoded payloads, delimiter injection, and shell tool-abuse attempts. (Author: @vishalg0wda )
  • Credit-balance gate on chat completions #2566  - Adds a pre-request credit check on /chat/completions for free-tier orgs. Returns HTTP 402 insufficient_credits once the cached Polar Chat Credits balance is exhausted. Pro and enterprise stay bounded by the existing OpenRouter monthly key cap. Self-serve top-up checkout is available via usage.createTopUpCheckout. (Author: @danielkov )
  • Model context window in chat completions metadata #2641  - Decorates /chat/completions responses with the upstream model’s context window via a gram_metadata extension. Pulled from OpenRouter’s per-model listing and cached for 72 hours. The streaming path injects the value into the final SSE frame. (Author: @danielkov )
  • Environment cloning #2561  - Adds a clone action to environment cards on the Environments page. The clone dialog lets users pick a new name and choose whether to copy only variable names with empty placeholders or duplicate the encrypted secret values. Ciphertext is copied row-to-row inside Postgres, never decrypted. Gated by environment:write plus a per-resource read check on the source environment. (Author: @simplesagar )

Bug fixes

  • Catalog registry pagination #2649  - Fixes catalog registry pagination so infinite scroll fetches all entries beyond the first page. ListServers now returns the upstream registry’s nextCursor alongside the server list, which ListCatalog passes through to the API response. (Author: @walker-tx )
  • OAuth discovery for root-level well-known metadata #2662  - Fixes OAuth discovery for MCP servers that host well-known metadata at the origin root regardless of endpoint path (such as Atlassian). The discovery chain now retries both /.well-known/oauth-protected-resource and /.well-known/oauth-authorization-server against the origin root with the path stripped. (Author: @walker-tx )
  • Marketplace plugin restart caching #2670  - Fixes private Claude Code plugins showing “not cached at (not recorded)” after restarting Claude Code. The marketplace proxy now fetches the current HEAD commit SHA and embeds it alongside ref in each git-subdir plugin source, giving Claude Code a stable cache key that survives restarts. (Author: @bradcypert )
  • PostHog event on assistants auto-provision #2673  - Captures a gram_assistants_signup PostHog event when the auth callback auto-provisions an org for a user landing with ?disposition=assistants. The event carries organization_id, organization_slug, disposition, and has_assistants_subscription so the funnel from signup to benefit attach is observable. (Author: @danielkov )
  • Denied challenges widget filter #2676  - Filters the “Recent Challenges” widget on the org home page to only show denied, unresolved challenges. When there are no denied challenges, the widget now renders the same empty state used on the Denied tab of the Challenges page. (Author: @adaam2 )

Last updated on

AI everywhere.

Control here.

Talk to usLearn more